We already know about this suggestion/practice to use char[] instead of String for sensitive data. There are multiple reasons for it. One is to clean up the sensitive data right after it is no longer needed:
char[] passwd = passwordProvider.getKeyStorePassword();
KeyStore keystore = KeyStore.getInstance("JKS");
// TODO: Create the input stream;
keystore.load(inputstream, passwd);
System.arraycopy(new char[passwd.length], 0, passwd, 0, passwd.length);
// Please continue...
Now the question: does it (i.e. using char[]) make sense (specifically the point mentioned above) when the sensitive data originally comes to you as a String value? For example:
char[] passwd = passwordProvider.getKeyStorePassword().toCharArray();
KeyStore keystore = KeyStore.getInstance("JKS");
// TODO: using the passwd, load the keystore;
System.arraycopy(new char[passwd.length], 0, passwd, 0, passwd.length);
// Please continue...
Thanks in advance.
UPDATE2: I'll rephrase the question: in this specific context (forget about changes in future or anything else), does the line "clearing the content of char array" do any good?
UPDATE1: it's not a duplication of Why is char[] preferred over String for passwords? I know what the story is. I'm asking in this specific context, does it still make sense?
Since Strings are immutable there is no way the contents of Strings can be changed because any change will produce a new String, while if you use a char[] you can still set all the elements as blank or zero. So storing a password in a character array clearly mitigates the security risk of stealing a password.
Security: Anyone who has access to a memory dump can find the password in clear text, and that's another reason to use an encrypted password rather than plain text. So storing a password in a character array clearly mitigates the security risk of stealing a password.
A char array is harder to manage than a string and certain functions may only accept a string as input, requiring you to convert the array to a string. It's better to use strings, they were made so that you don't have to use arrays.
That's all on why a character array is a better choice than String for storing passwords in Java. Though using char[] alone is not enough; you need to erase the content to be more secure.
It seems to me that it's a security problem in the design of the API of the password provider that it returns a String.
But, if you have to work with that API, converting to char[] immediately means that you aren't preventing the String instance from being GC'd, because you're not holding a reference to it for any longer than is absolutely necessary.
So, it makes sense to use char[] here because you "aren't making it worse".
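The pattern discussed in this answer, as an added example that is not code from the question or the answer: the String is converted at once and never held in a variable, and the char[] copy is wiped in a finally block so it is cleared even when keystore.load throws. The class name, the load helper, the Supplier<String> standing in for passwordProvider, and the sample password are all assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.function.Supplier;

public class KeyStoreLoadDemo {

    // Hypothetical helper: loads a JKS keystore with a password that the
    // provider can only hand over as a String.
    static KeyStore load(byte[] storeBytes, Supplier<String> passwordProvider) throws Exception {
        // Convert immediately and keep no reference to the String, so this
        // code does not delay its garbage collection.
        char[] passwd = passwordProvider.get().toCharArray();
        try {
            KeyStore keystore = KeyStore.getInstance("JKS");
            keystore.load(new ByteArrayInputStream(storeBytes), passwd);
            return keystore;
        } finally {
            // Runs on success and on failure (e.g. wrong password), so the
            // copy this code controls never outlives the call.
            Arrays.fill(passwd, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty JKS keystore built in memory.
        char[] setup = "constructed-sample".toCharArray();
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, setup);
        Arrays.fill(setup, '\0');

        // The lambda stands in for a provider that returns a String. That
        // String cannot be wiped by the caller; it remains in the heap
        // until the garbage collector reclaims it.
        KeyStore ks = load(out.toByteArray(), () -> "constructed-sample");
        System.out.println("entries: " + ks.size());
    }
}
```

Wiping the array only removes the copy this code owns; the provider's String stays readable in a heap dump until it is collected, which is why the answer locates the real problem in the provider's API.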